Authenticate your Azure deployment workflow by using workload identities

Intermediate
Developer
Administrator
Solution Architect
Azure
Azure Active Directory
Azure Resource Manager
GitHub

Workload identities enable your deployment workflows to authenticate securely with Azure without you managing any passwords, keys, or secrets. In this module, you'll learn what workload identities are, how they work, and how to create them. You'll also learn how to grant them permission to your Azure resources so that your workflows can deploy your Bicep files.

Learning objectives

After completing this module, you'll be able to:

  • Explain what a workload identity is and describe three types of workload identities: service principals, managed identities, and federated credentials
  • Create a workload identity and link it to a GitHub Actions deployment workflow
  • Configure the appropriate authorization for a workload identity to deploy Azure resources

Prerequisites

You should be familiar with:

  • Creating and deploying basic Bicep templates.
  • Azure, including the Azure portal, subscriptions, resource groups, and resource definitions.
  • Basic GitHub Actions workflows.